One thought on “Which Cisco AMP file disposition valid?”
Correct Answer: B
Understanding File Dispositions
The system determines file dispositions based on the disposition returned by the Cisco cloud. A file can
have one of the following file dispositions returned by the Cisco cloud, as a result of addition to a file
list, or due to threat score:
• Malware indicates that the cloud categorized the file as malware.
• Clean indicates that the cloud categorized the file as clean, or that a user added the file to the clean
list.
• Unknown indicates that a malware cloud lookup occurred before the cloud assigned a disposition. The
cloud has not categorized the file.
• Custom Detection indicates that a user added the file to the custom detection list.
• Unavailable indicates that the ASA FirePOWER module could not perform a malware cloud
lookup. You may see a small percentage of events with this disposition; this is expected behavior
Correct Answer: B
Understanding File Dispositions
The system determines file dispositions based on the disposition returned by the Cisco cloud. A file can
have one of the following file dispositions returned by the Cisco cloud, as a result of addition to a file
list, or due to threat score:
• Malware indicates that the cloud categorized the file as malware.
• Clean indicates that the cloud categorized the file as clean, or that a user added the file to the clean
list.
• Unknown indicates that a malware cloud lookup occurred before the cloud assigned a disposition. The
cloud has not categorized the file.
• Custom Detection indicates that a user added the file to the custom detection list.
• Unavailable indicates that the ASA FirePOWER module could not perform a malware cloud
lookup. You may see a small percentage of events with this disposition; this is expected behavior